sn0xsharma
Login
sn0xsharma
Posts
Introduction-to-bug-bounty-with-automati ...

Introduction-to-bug-bounty-with-automation.

May 24, 2021

Who am i ? hey guys my name is sn0x. i am cyber security researcher |Bug hunter |machine learning |AWS |CEH |eWPTXv2 certified.

CONTENT :

1.How to avoid fear of starting?

2. Resources

3. Consistency & Discipline

4. Automations

5. What exactly do i automate?

6. Automate your vulnerability scanning

7. Collaborations & community

8 . Knowledge

9. Hack where is less competitions

10.Duplicates

11. Learn the attacks !

12. Important

How to avoid fear of starting?

We all have many question that comes to in our my mind that ,

Bug bounty is too hard !!! ,

there is no way to find bugs :((( ,

how to exactly get into bug bounty ? …….and so on

but what is real truth about bug bounty ?

= 100% you can succeed earning money on 1 year.All this ,is just on your heard.

= forgot your fears ad just DO IT. (ignore all the fear)

= No one is cares succeed or not — you have to choice to keep leaving in this low level of life of change ir forever.

Stop your Distractions :

  1. Log out of YouTube , Netflix , Turn your phone off.

2. Create a space where you can focus and eliminate all distractions.

3. take a Deep breath and just start !

Focus on education ! remember the bug bounty is really different from pentesting

Resources :

  1. the bug hunter’s Methodology by jhaddix

  2. Read Books : the web application hackers handbook 2 (use it as a reference) | web hacking 101 | hackers playbook all |
    hacking the art of exploitation |mastering web pentesting |
     OWASP testing guide |mobile application hackers handbook(for mobile) etc

  3. pentester labs = postswigger lab

  4. follow hackers on all the platforms — Nahamsec | Stok |naffy | insidePHD |condingo | farah hawah | Aditya bug | live overflow | ansh bhawani |ed overflow |tomnomnom | hukluke | etc

  5. Article or blogs : Hackerone public reports (how this all happen public posted write ups) | reddit forums (#netsec) | bugcrowd or owasp blogs |defcon conferrence videos | git hub pages.

Consistency & Discipline :

Small incremental points everyday.

planning a learning habits for learning bug bounty.

Handle your failure , failure is the most important thing in your life because sometimes success boost your ego !!

Automation

1 . Automate tool can help you discover more bugs

2. Automate system can generate a passive income

3. the longer we spend on automation, the more money you can earn

4. spend half of time with manual automation and the other half in building automating systems.

What exactly do i automate ?

1 . Firstly, think about data storage

Organize , scalable , and easy searched way to store all the data captured during the automation. 1- you can use slack API. 2- Text file

2. What need to notified by:

i ) Batch notification (once per day)

ii ) one notifications contain all found subdomains

iii ) Heavily curate the notification : Actual vulnerability not any recon results.if you use SLACK: channel to recon (mute the channel) or channel to vulnerability (with notification setting)

3. Automating you recon :

i ) Writing WRAPPERS around existing tools to fit your need, for example python WRAPPER which call the amass binary and then process and stores the results…etc

ii ) Build your own tools/stuff : for example ,Subdomain enumeration….etc.

Automate your vulnerability scanning :

1. Nuclei project discovery (highly recommended).

2. Scan for custom things you designed yourself.

3. Add threading- improve your speed (require system with high resource).

4. Scale out using multiple systems : Kubernetes, message brokers (redis and rabbitmq),Axiom “GITHUB” by pry0cc (highly recommended).

Collaboration & Community :

  1. Your collaboration is mutual beneficial.

  2. Agree on the term of collaboration from the beginning

for example : what will split if you make money

ii ) who’s responsible doing what ?

iii ) How much information be shared together ?

3. join conversation on twitter, telegram , discord ,whatsAPP groups etc..

4. Share tips , write-up, etc

5. write your own write-ups ,blogs ,article…etc

Knowledge

  1. Fundamentals (roots of the tree ) important

  2. basic networking

  3. how to use bash ?

  4. how to web application work?

  5. how the internet works ?

  6. How website works ,DNS.

  7. how they transfer the data ?

  8. OWASP top 10 (web+mobile)

  9. how to google ?

Hack where is less competitions

  1. Be the first where is any program is opened

  2. Use automation to detect new targets

  3. Detect change in your existing targets using automation (DNS record..etc)

  4. Run a web crawler (such burp) with the same setting every time => you’ll notice and find any new points suddenly appears.

  5. Creativity is a KEY !!

Duplicates

  1. Duplicates are not bad at all! It tells you that you are on the right path!

  2. But certainly getting around these duplicates is the thing you really want!

  3. While hacking an excellent thing to remember is, “One vulnerability can be exploited using one or more different ways.” While your way might be different.

Learn the attacks!

As you already have covered OWASP Top 10, some other great platforms teach you more attack vectors plus a lab to try your hands on such vulnerabilities. This time we are sharing some of these platform links with you, :)

1- Web security academy: free online training from portSwigger { https://portswigger.net/web-security}

2- Pentester: Learn Web penetration testing: the right way { www.pentesterlab.com }

3- Pentester Academy : learn pentesting Online {www.pentesteracademy.com}

4- Learn about web application vulnerabilities and how to find them on bug bounty programs {BugBountyHunter.com}

Important

Patience is the key! = One of the most important things to understand about bug bounty is, it may take time to find your first bug and evolve as a good bug hunter! No one in the world became a good hacker in a day or even in a month. It will take time. So invest most of the time in learning! “Remember, hacking is learning!”

Bug bounty needs your time and money! Sometimes it can give you frustration, burnout. But in return, it will also give you the happiness of helping and securing the company’s assets and obviously a recognization in different ways to remember for a lifetime! :)

  1. Eat healthy food

  2. Exercising regularly

  3. sleeping enough

  4. health before anything else

  5. read inspiring books

  6. mediating

  7. listen to podcast

  8. being creative , inspired and disciplined outside of computers

follow me on

Github : sn0x-sharma

Instagram : sn0x

To support me {https://www.buymeacoffee.com/sn0xsharma}

Enjoy this post?

Buy sn0xsharma a coffee

More from sn0xsharma

    Item 1 of 1
    English
    PrivacyTermsReport
    Start your Buy Me a Coffee page